Read the SSL Certificate information from a remote server | openssl s_client -connect www.feistyduck.com:443 -CAfile /etc/ssl/certs /ca-certificates.crt
You may want to monitor the validity of an SSL certificate from a remote server, without having the certificate.crt
text file locally on your server? You can use the same openssl
for that.
To connect to a remote host and retrieve the public key of the SSL certificate, use the following command.
openssl s_client -connect www.feistyduck.com:443 -CAfile /etc/ssl/certs -CAfile /etc/ssl/certs /ca-certificates.crt
$ openssl s_client -showcerts -connect ma.ttias.be:443
This will connect to the host ma.ttias.be
on port 443
and show the certificate. It's output looks like this.
$ openssl s_client -showcerts -connect ma.ttias.be:443
-----BEGIN CERTIFICATE-----
MIIEzTCCA7WgAwIBAgISESHAjlbjcoBHxBYXS12oY6VjMA0GCSqGSIb3DQEBCwUA
...
CzgXBhDR3themzPx4jwx2ckNFpNDK/6yQgrKaHTewAAj
-----END CERTIFICATE-----
---
Server certificate
subject=/C=BE/OU=Domain Control Validated/CN=ma.ttias.be
issuer=/C=BE/O=GlobalSign nv-sa/CN=AlphaSSL CA - SHA256 - G2
---
There's many more output, like the intermediate CA certificates, the raw certificates (encoded) and more information on the ciphers used to negotiate with the remote server.
You can use it to find the expiration date, to test for SSL connection errors, ...
certificate.crt
text file locally on your server? You can use the same openssl
for that.ma.ttias.be
on port 443
and show the certificate. It's output looks like this.
Comments
Post a Comment